CVE-2009-0404 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute which is processed by Internet Explorer 7.

Reference

http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293026 http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293090 http://osvdb.org/51650 http://secunia.com/advisories/33655 http://www.bioinformatics.org/phplabware/forum/viewtopic.php?id=85 http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htms4.3 http://www.securityfocus.com/bid/33507 https://exchange.xforce.ibmcloud.com/vulnerabilities/48333